Skip to content

feat: add dbus service permission config for update plugin#307

Merged
xionglinlin merged 1 commit into
linuxdeepin:masterfrom
xionglinlin:master
Jun 11, 2026
Merged

feat: add dbus service permission config for update plugin#307
xionglinlin merged 1 commit into
linuxdeepin:masterfrom
xionglinlin:master

Conversation

@xionglinlin

Copy link
Copy Markdown
Contributor
  1. Add installation of permission-interfaces JSON config file for the update plugin
  2. Define D-Bus service permission for org.deepin.dde.Lastore1 interface
  3. Config file lists the dbus service, path, and interface required by the update plugin
  4. This supports the control center's new security permission check mechanism

Log: Added D-Bus service permission config for update plugin

Influence:

  1. Verify the permission-interfaces config file is installed to the correct directory
  2. Check that the JSON config file contains valid syntax and content
  3. Test update plugin functionality with the new permission check mechanism
  4. Verify D-Bus communication with org.deepin.dde.Lastore1 service is properly authorized

feat: 为更新插件添加 D-Bus 服务权限配置

  1. 添加更新插件的权限接口JSON配置文件安装
  2. 定义 org.deepin.dde.Lastore1 接口的 D-Bus 服务权限
  3. 配置文件列出更新插件所需的 D-Bus 服务、路径和接口
  4. 配合控制中心新增的安全权限检查机制

Log: 新增更新插件的 D-Bus 服务权限配置

Influence:

  1. 验证权限接口配置文件已安装到正确目录
  2. 检查 JSON 配置文件语法和内容是否有效
  3. 测试更新插件在新权限检查机制下的功能
  4. 验证与 org.deepin.dde.Lastore1 服务的 D-Bus 通信已正确授权

PMS: TASK-390841
Change-Id: I4e9139e72210de6e8ee7a3e4be76869ed05e63e3

1. Add installation of permission-interfaces JSON config file for the
update plugin
2. Define D-Bus service permission for org.deepin.dde.Lastore1 interface
3. Config file lists the dbus service, path, and interface required by
the update plugin
4. This supports the control center's new security permission check
mechanism

Log: Added D-Bus service permission config for update plugin

Influence:
1. Verify the permission-interfaces config file is installed to the
correct directory
2. Check that the JSON config file contains valid syntax and content
3. Test update plugin functionality with the new permission check
mechanism
4. Verify D-Bus communication with org.deepin.dde.Lastore1 service is
properly authorized

feat: 为更新插件添加 D-Bus 服务权限配置

1. 添加更新插件的权限接口JSON配置文件安装
2. 定义 org.deepin.dde.Lastore1 接口的 D-Bus 服务权限
3. 配置文件列出更新插件所需的 D-Bus 服务、路径和接口
4. 配合控制中心新增的安全权限检查机制

Log: 新增更新插件的 D-Bus 服务权限配置

Influence:
1. 验证权限接口配置文件已安装到正确目录
2. 检查 JSON 配置文件语法和内容是否有效
3. 测试更新插件在新权限检查机制下的功能
4. 验证与 org.deepin.dde.Lastore1 服务的 D-Bus 通信已正确授权

PMS: TASK-390841
Change-Id: I4e9139e72210de6e8ee7a3e4be76869ed05e63e3

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @xionglinlin, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@deepin-ci-robot

Copy link
Copy Markdown

deepin pr auto review

我来审查这段代码变更,主要涉及CMakeLists.txt和新增的权限接口配置文件。

CMakeLists.txt 变更分析:

  1. 版权信息更新

    • 将版权年份从"2025"扩展到"2025 - 2026",这是一个合理的更新,表明项目维护在继续。
  2. 新增权限接口安装配置

    install(FILES "misc/permission-interfaces/org.deepin.dcc-update-ui.json"
        DESTINATION share/dde-control-center/permission-interfaces)
    • 这部分新增了权限接口JSON文件的安装规则
    • 安装路径为share/dde-control-center/permission-interfaces,这是一个合理的系统级配置目录

新增权限接口配置文件分析:

  1. 文件结构

    • 新增了一个JSON配置文件,用于定义更新插件需要的D-Bus系统服务接口权限
    • 文件路径为misc/permission-interfaces/org.deepin.dcc-update-ui.json
  2. 配置内容

    {
        "version": "1.0",
        "description": "更新插件需要授权的 D-Bus 系统服务接口",
        "DestList": [
            {
                "DbusName": "org.deepin.dde.Lastore1",
                "DbusPath": "/org/deepin/dde/Lastore1",
                "DbusInterface": "org.deepin.dde.Lastore1.Manager"
            }
        ]
    }
    • 版本号设为"1.0",符合初始版本规范
    • 描述清晰说明了文件用途
    • 定义了一个D-Bus服务接口,用于系统更新管理

改进建议:

  1. 安全性增强

    • 建议在JSON配置文件中添加权限控制字段,如"AllowedUsers"或"RequiredGroups",明确哪些用户或用户组可以访问这些接口
    • 考虑添加"AllowedActions"字段,明确列出允许执行的具体操作
  2. 代码质量改进

    • CMakeLists.txt中的安装路径建议使用变量定义,如${CMAKE_INSTALL_DATADIR},以提高可移植性
    • 建议为新增的JSON文件添加校验机制,确保其格式正确
  3. 性能考虑

    • 权限检查应该在应用启动时尽早进行,避免在运行时才检查权限带来的性能开销
    • 考虑缓存权限检查结果,避免重复验证
  4. 代码维护性

    • 建议在JSON配置中添加注释,解释每个字段的用途和可能的值
    • 考虑将版本号定义为常量,便于统一管理
  5. 错误处理

    • 建议添加对JSON文件加载失败的错误处理机制
    • 考虑添加日志记录,便于追踪权限相关的操作

总体而言,这次变更主要是为了增加权限控制功能,这是一个良好的安全实践。上述建议旨在进一步增强系统的安全性、可靠性和可维护性。

@deepin-ci-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mhduiy, xionglinlin

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@xionglinlin xionglinlin merged commit 59f1c53 into linuxdeepin:master Jun 11, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants